[SCM] KDE Base Workspace module packaging branch, kde4.11, updated. debian/4.11.2-3-4-g7031074

Lisandro Damián Nicanor Pérez lisandro at alioth.debian.org
Fri Nov 1 21:30:58 UTC 2013


Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/kde-workspace.git;a=commitdiff;h=7031074

The following commit has been merged in the kde4.11 branch:
commit 703107436d613dfaf89b068689b1e2fd4cb1acc0
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date:   Fri Nov 1 18:30:34 2013 -0300

    Also add the SELinux pam stuff to kdm-np.
---
 debian/kdm-np.pam |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/debian/kdm-np.pam b/debian/kdm-np.pam
index a13232b..c4c6c81 100644
--- a/debian/kdm-np.pam
+++ b/debian/kdm-np.pam
@@ -4,8 +4,17 @@
 auth       required     pam_nologin.so
 auth       required     pam_env.so readenv=1
 auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+session    [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
 session    required     pam_limits.so
+session    required     pam_loginuid.so
+ at include common-session
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session    [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
 @include common-account
 @include common-password
- at include common-session
 auth       required     pam_permit.so

-- 
KDE Base Workspace module packaging



More information about the pkg-kde-commits mailing list